SystemsNet Blog

Category Archives: Anti-virus

Kovter Strikes Computers Everywhere

August 16, 2018Anti-virus, Securityantivirus, malware, protection, security, Symantec, viper, vipre, Virus, WebrootSystemsNet Administrator

Are you prepared for when disaster strikes

Every year, there are high-impact viruses that plague individuals and businesses alike. One of the newest that has wreaked havoc on the world of IT is known as Kovter. It’s affecting a number of computers and there are a lot of people that have been impacted by its destruction.

What is Kovter?

Kovter works as a Trojan. It has acted as a ransomware downloader as well as click-fraud malware. It is disseminated using malspam email attachments that contain malicious office macros. One of the ways that this fileless malware has been able to evade detection is by hiding inside of registry keys.

There has been a number of reports that indicate the Trojan infections receive updated instructions from a command and control infrastructure that serves as a remote access back door. When this happens, the hackers will have an access point into your computer or server.

Kovter showed up several years ago and continues to be the biggest threat throughout 2018. Part of this is because it has evolved significantly. It may use code injection as a way of infecting the target and will steal information so that it goes back to the command and control servers.

How to Look for Kovter

Kovter is really good at hiding itself. It generally infects a computer using an attachment that comes over as a micro-based spam. Once the attachment is opened, it will install on the computer and hide within the registry entries. Most of the attachments are compromised Microsoft office files.

Since it is fileless, it can be difficult to detect. However, you want to make sure that your organization is aware of how to protect against email threats. Use various anti-spam filters so that malicious emails can be blocked before reaching the endpoint user. You also want to make sure that security updates are applied as soon as possible.

Who Has Been Affected?

A number of people throughout the UK, US, Canada, and Australia have been affected by the Trojan. Many people found the virus through a malvertising campaign or Traffic Junky. People were sent to a pop-up that told them they needed to install an update to their browser. By doing so, they unknowingly downloaded Kovter to their computer.

It’s unclear as to how many computers have actually been affected – though the number is easily into the tens of thousands since one version or another has been around since as early as 2011.

What You Can Do

You need to be sure that you have a high level of security within your business. You want to make sure that you are protecting your servers and workstations so that they stay free of viruses and Trojans. Otherwise, malware can render your computer absolutely useless or result in important data being lost or stolen.

Webroot Antivirus is a 20-time winner from PCMag. It provides you with the antivirus protection on all of your devices so that you can enjoy a greater level of peace of mind. You get advanced threat protection and the security is always on. You can stop ransomware and enjoy real-time blocks on harmful sites. This way, no matter how much you teach your employees not to go to specific sites, you can ensure that dangerous sites are blocked to avoid various problems. Additionally, based on the antivirus protection that you choose, you will also be able to monitor your firewall and network connection and secure various smartphones and tablets that are used by your employees.

Learn more about Webroot Antivirus and how it can protect your servers and workstations by contacting SystemsNet today. Our various packages will monitor your systems and help you with all of the various components of your IT infrastructure. As geeks, we work hard to help you protect your systems

What Can You Do To Defend Yourself Against Ransomware?

October 27, 2017Anti-virus, SecurityRecent virus release, webroot antivirusSystemsNet Administrator

Anti-Virus protection Webroot lock protecting against Ransomware trying to attack business data

Ransomware the preferred method of thieves

Do you remember when cyber thieves would steal the credit card numbers of people, checking account numbers, and other private financial information when they wanted to make money? That was their traditional way of making quick money. Now, the cyber thieves have found a new way of making money. They are now using ransomware, and everyone can become a target.

Ransomware can attack big corporations, health care facilities, government offices, police stations, etc. Since this has become such a big thing, you would think someone will eventually do something to stop these criminals, right? We don’t want you to hold your breath on that one.

You will basically be responsible for fighting against the various attacks from cyber thieves. A hacker will use ransomware to encrypt some of your files or maybe even your entire computer. You will not be able to unlock the files or the computer until you pay the money. Many people who have been victims ransomware have made the decision to pay the money. Even if you made the wise decision to have your computers and files backed up, you will still feel the impact of the ransomware attack.

You will find yourself paying for someone to disinfect all of your machines that were impacted by the ransomware attack and you will also have to restore all the data you backed up. For many businesses, this could mean that you will spend days or weeks trying to get your business back to where it was before the attack.

If you think you may be at risk for an attack, there are various things you can do to make sure your business will be protected.

Back Up Your Data

If you truly want to make those attackers angry, you should make sure your data is backed up. The best way to defend yourself against any type of malicious attack is to not allow anyone to get anywhere near your business’s data. Your data should be backed up on a daily basis. If your data is backed up and someone locks your computers, you will know that your data is safe and secure somewhere else.

If you lose access to 10 years worth of business data that has been saved in the cloud, you will not have to pay a cyber thief to release your data because you will have access to the backups. It is important that you remember that many attackers can lock backups that have been saved to your server or on a storage device. Your backups should be stored offline.

Do Not Fall For The Email Tricks

If you receive an email that looks suspicious, you should stay away from it. You do not want to click a link that can result in malware finding its way into your computers. Emails are not the only way to infect computers with malware. Malware is even being placed on ads. If you truly want to protect yourself from the malicious ads that can seem very real, we recommend that you use appropriate ad blockers. If you want your workers to be on the lookout for suspicious ads, you can consider using training to help them understand what ransomware can look like. Educating the workers can be a huge step in decreasing your office’s chance of being attacked.

Protect Yourself

What Anti-Virus protection are you currently using in your workplace? If you want to stay protected from attacks on your computers, servers, networks, your best option will be to use Webroot. Why should you pay a ransom for your data when you can use Webroot? Ransomware attacks will continue to spread, but this does not mean you will have to be a victim. Contact us today for more information on ransomware attacks and what you can do to avoid being attacked.

Recent Virus Release Starts In Ukraine And Spreads Across The Globe

September 21, 2017Anti-virusanti-virus, Global Hacking Attack, malware, VirusSystemsNet Administrator

Cyber security is a critical component in preventing downtime in your network

An international cyber attack, known as “Petya”, struck computer systems across the globe, starting in Ukraine. Tens of thousands of machines in Ukraine and the United States were impacted. Automated teller machines stopped working in the capital of Ukraine. Workers all across the globe had to quickly scramble to make the necessary adjustments.

It has not been determined who is responsible for the cyber attack. No details have been released at how impactful the cyber attack was. The attack started on the Ukrainian government. This is not the first cyber attack that has taken place as of late. The difference between this cyber attack is that it seems to be one of the most advanced attacks that have taken place since the National Security Agency had some of its hacking tools stolen.

This global hacking attack took control of all the computers. Since the hackers obtained control of the computers, the attackers demanded ransom in order for them to release access to the owners of the computers. This recent attack used the hacking tool, Eternal Blue. Eternal Blue was also used in the WannaCry attacks. Not only did the attacks use Eternal Blue, but there were also other methods that were used to carry out the cyber attacks.

There has not been any acknowledgment on the National Security Agency’s behalf regarding the use of their hacking tools. However, there have been many computer security professionals who have requested that the National Security Agency to help everyone across the globe protect itself against tools that they created.

Microsoft releases patches for its software and operating systems, but this does not always mean that the patch will be installed quickly and correctly. Since the ransomware used more than one method to spread across the computers, even some computers that were actually patched correctly and patched quickly were not excluded from the attack.

One of the most well-known computer attackers is viruses. Viruses can do a great deal of damage to computers, and an entire organization. There are various types of viruses that each have the ability to compromise a computer in multiple ways.

While many people think they will never download a file that is corrupt or that they will never click a website that is a scam, it is important that everyone remembers that a hacker is very intelligent. A hacker can create any type of virus and anyone can easily be tricked. Some viruses can even lead people to believe that they are software that will protect you from a virus.

Once your computer has been infected with a virus, your entire computer can be damaged beyond the point of repair. Your computer’s performance can be slowed down, critical files, photos, and videos can be damaged, lost, spread across other computers, etc. Viruses can cause you to spend up to thousands of dollars in computer repairs, replacements, etc.

Fortunately, there are tools you can use to help you protect yourself. One of those tools is Webroot Antivirus. The internet is not as safe as we would like it to be. Even if you are a computer whiz or extremely tech-savvy, you may still accidentally download malware, viruses, or you may even be a victim of identity theft.

When you are aware of the consequences of not having the proper anti-virus protection, you will be able to spread the word to others. Hackers are savvy, and they can easily trick anyone into clicking a link or downloading a file. We want you to protect your files, your computer, and your business. Contact us today for additional information on the latest virus releases and the best protection for your servers and workstations.

The WannaCry Attack & How Webroot Protects You

June 15, 2017Anti-virusDetecting WannaCry Ransomware, Prevent Ransomware Attacks, WannaCry, WannaCry ransomware attack, Webroot SecureAnywhere software, Webroot's protectionSystemsNet Administrator

The headache of WannaCry ransomware attack

On May 12th, 2017, a ransomware virus known as “WannaCry” rapidly spread through private networks and the Internet. The ransomware soon held data “hostage” in hundreds of thousands of computer systems, disrupting Great Britain’s National Health Service along with other institutions and businesses across more than 150 countries. However, systems with Webroot SecureAnywhere software installed found themselves thankfully protected from the virus.

Initial wave of attacks

The WannaCry ransomware virus uses a worm-like mechanism, or “cryptoworm,” to spread across private networks and the Internet. Once it affects a system, it encrypts the system’s data and holds it for ransom. The ransomware demands that the system owner’s deposit several hundred U.S. dollars’ worth of Bitcoins into a specific account before the ransomware will release their data.

The WannaCry virus works by exploiting a vulnerability in Windows operating systems. The vulnerability has a complex and storied history and may have been known to the U.S government long before it was known to Microsoft. However, soon after learning of their software’s security vulnerability, Microsoft released a security patch on March 14th, 2017 to protect supported systems.

The initial attack took place on May 12th, 2017 and quickly affected more than 300,000 systems whose owners or administrators had not yet installed Microsoft’s patch. Perhaps the cyber attack’s most prominent target was Great Britain’s National Health System. On May 13th, Microsoft took swift action against the attack. Although it had already released a patch for supported versions of Windows, the company now released an emergency update for legacy versions, including Windows XP and Windows Server 2003, despite the fact that Microsoft no longer officially supported these operating systems.

A security researcher who blogs under the name “MalwareTech” effectively halted the initially wave of attacks. Inadvertently, the researcher found that by registering an extremely long domain name found in the code of the WannaCry malware, the attack came to a halt. In short, registration of that domain was the “kill switch” for the virus.

Further attacks and findings

At least two variants of the initial WannaCry virus began to impact still more computer systems on May 14th, 2017. However, Matthieu Suiche, founder of Comae Technologies, found another kill switch in the code of one of the two variants. According to Suiche in a Tweet with an accompanying graph on May 15th, his company halted roughly “10K machines from spreading further.” As a result, the second wave of attacks was not as effective as the first.

After the initial two waves of attacks, further variants of WannaCry have continued to affect systems across the globe. As of May 25th, 2017, the most recent attack making headlines is WannaCry’s apparent penetration of the postal service in Russia.

Webroot’s protection

One indication of the effectiveness of anti-virus and security software such as Webroot may be customer call volume during an attack. One would expect call volume to spike as users suddenly find their systems compromised. However, according to Webroot’s LeVar Battle, responding to a comment on the company’s May 13th update to the Webroot Threat Blog “our call volume has not been impacted at all by this threat.” The post explains that despite the virus’ widespread impact, the basic structure of the malware itself is “similar to what we’ve seen before.” It is the worm-like propagation of the virus that has taken so many systems by surprise. According to the May 13th blog post, “Webroot SecureAnywhere does currently protect you from WannaCry ransomware.” At the same time, Webroot strongly recommends updating to the very latest version of your system software, a best practice that ensures mult-layered security. Moreover, they recommend becoming as educated as you can about ransomware and other common security threats.

Webroot’s latest post, addressing the second wave of attacks, reinforces their earlier reassuring statement and further maintains that Webroot is continuing to develop new solutions to protect their users against WannaCry variants as they arise.Â

Staying secure

The WannaCry ransomware attack is one of the most damaging cyber-attacks in years. The virus’ worm-like method of propagation exploits a vulnerability in Microsoft operating systems. Although Microsoft released a patch for supported systems well ahead of the attack, many companies and institutions did not install the patch in time. As a result, WannaCry’s initial wave of attacks affected more than 300,000 computer systems across more than 150 countries. Although cybersecurity researcher MalwareTech inadvertently halted the inital attack with a kill switch, new variants have continued to arise. Thankfully, users of leading security software Webroot SecureAnywhere found themselves protected from the attack.